void OnBeforeDelete(object sender, OnBeforeDeleteEventArgs e)
{
if (e.SkipSecurity)
{
return;
}
// Security is applied during delete traversal stage only (since predicates require relations to be loaded etc, can't work during commit phase)
if (e.IsCommitPhase)
{
return;
}
var authentication = ApplicationSettings.Container.Resolve <IAuthentication>();
var claims = authentication.GetCurrentUserClaims();
string message = null;
SecurityPredicate predicate = null;
var permissionLevel = ApplicationSettings.Container.Resolve <IAuthorizations>().CanDelete(e.Entity, claims, out message, out predicate);
if (permissionLevel != PermissionLevel.Authorized)
{
authentication.ThrowAccessDenied(new GOServerException("accessDenied", String.IsNullOrEmpty(message) ? "unauthorized access" : message, new ForbiddenAccessException("forbidden access")));
}
// If there is filter defined => we should verify the data accessed complies with the filter
if (predicate != null)
{
e.FilterExpression = predicate.Filter;
}
}
private void OnBeforeDelete(object sender, OnBeforeDeleteEventArgs e)
{
// We're effectively disabled during actual deletion
if (e.IsCommitPhase)
{
return;
}
// If we get here, we're traversing the delete graph.
// Traversing means we're looping round doing a depth first cascade through relations, and we add each 'leaf' instance to the ordered list of objects to be deleted
// But we're not actually goind any deleting during this phase, so we flag isHandled to block the delete at DataProvider level (means it skips the actual Delete call)
e.IsHandled = true;
// Initialise
Init(e.Parameters);
// Get the instance (e.Entity is only used to pass through the PK)
var instance = Data.Get(e.Entity as TEntity, parameters: e.Parameters, skipSecurity: true);
if (instance == null)
{
return;
}
// Ripple the delete through relations / subtypes
var settings = new DataProviderDeleteSettings(e);
settings.SkipSecurity = true;
Ripple(instance, settings, e.Parameters);
}
